Vodafone TV multicast settings on pfSense?

Forums › Vodafone New Zealand › Vodafone TV multicast settings on pfSense?

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Topic # 151247 19-Aug-2014 08:25

I've managed to setup pfSense as a Vodafone UFB router running inside VMWare workstation on Windows 8. Also have HG659 connected to LAN in bridged mode.

Looks like this:
pfSense WAN > VMWare Bridge Protocol > Virtual NIC - VLAN 10 (On Windows) > NIC1 > ONT
pfSense LAN > VMWare Bridge Protocol > NIC2 > HG659 (Bridge mode) > STB

The Vodafone TV STB successfully gets an IP etc via DHCP however I can't seem to get multicasting working as constantly getting "service unavailable".

Current IGMP Proxy settings in pfSense are:
WAN | Upstream | 224.0.0.0/4, 184.60.0.0/16, 184.61.0.0/16
LAN | Downstream | 192.168.1.0/24

Also have a firewall rule with (have tried a bunch of others):
ALLOW
Proto: IPv4 UDP
Source: 224.0.0.0/4:*
Destination: *
Allow packets with IP options to pass

Has anyone managed to get Vodafone TV multicasting to work through pfSense or know what the corrects IGMP Proxy settings and firewall rules should be?

I've tried instruction provided for different STB's or routers here:

Some firewall logs:

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 13

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111083 19-Aug-2014 09:37

Is anyone able to confirm whether the general setup is correct (with the STB on LAN) or does the STB need to be configured on a different WAN (& possibly VLAN) as described here?:

https://forum.pfsense.org/index.php?topic=77466.msg422514#msg422514

InstallerUFB

810 posts

Ultimate Geek
+1 received by user: 207

Reply # 1111135 19-Aug-2014 10:36

Just a side question does the multicast service work if you connect up the VF supplied RGW to the ONT and on to the STB - It may be that multicast has been inadvertinly been droped from the connection? - haveing done a few faults now with this situation I know it does happen.

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111177 19-Aug-2014 11:19

InstallerUFB: Just a side question does the multicast service work if you connect up the VF supplied RGW to the ONT and on to the STB - It may be that multicast has been inadvertinly been droped from the connection? - haveing done a few faults now with this situation I know it does happen.

Yes it worked yesterday on the VF RGW until I reconfigured it to go through pfSense.

chrispchikin

121 posts

Master Geek
+1 received by user: 30

Reply # 1111278 19-Aug-2014 13:29

From the firewall logs, it looks like you're dropping outbound multicast traffic to Vodafone - just to prove your multicast config, try adding a temporary rule similar to below:

Source: ANY
Destination: ANY
Proto: IGMP
Action: Allow

Once this is working, you can refine the source and destinations of the rule.

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111377 19-Aug-2014 16:14

chrispchikin: From the firewall logs, it looks like you're dropping outbound multicast traffic to Vodafone - just to prove your multicast config, try adding a temporary rule similar to below:

Source: ANY
Destination: ANY
Proto: IGMP
Action: Allow

Once this is working, you can refine the source and destinations of the rule.

I get this:

chrispchikin

121 posts

Master Geek
+1 received by user: 30

Reply # 1111388 19-Aug-2014 16:31

Any change in STB behaviour?

Were you seeing those log messages before?

Can you tell me which hosts are using what IP addresses?

192.168.1.1 - ?
192.168.1.254 - ?
192.168.1.24 ?

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111401 19-Aug-2014 16:47

chrispchikin: Any change in STB behaviour?

Were you seeing those log messages before?

Can you tell me which hosts are using what IP addresses?

192.168.1.1 - ?
192.168.1.254 - ?
192.168.1.24 ?

192.168.1.1 > pfSense LAN
192.168.1.254 > HG659 Router
192.168.1.7 > Should be Vodafone TV STB (According to STB's network settings)
192.168.1.24 > Unknown, could be STB (has MAC 00:0b:b6:1c:e2:73)

After opening UDP on WAN & LAN and rebooting decoder it shows sightly different but similar error; "..network link down..."

igmpproxy logs seem the same, but not getting any UDP logged now I've opened it up.

Does VFTV by any chance use IPv6 at all?

Also can you confirm whether it should or shouldn't be on the same VLAN in Internet traffic?

Thanks

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111413 19-Aug-2014 16:55

It seems the STB has a fixed IP of 192.168.1.7 however pfSense DHCP assigned 192.168.1.24 so I've setup a static mapping to 192.168.1.7. Hasn't gotten it working though.

hio77

'That VDSL Cat'
8889 posts

Uber Geek
+1 received by user: 1942

Trusted

Spark

Subscriber

Reply # 1111419 19-Aug-2014 17:00

One person supports this post

What are you trying to use the HG659 for? it seems your overcomplicating your setup by throwing it into the mix.

It was never confirmed that these settings are 100%, but have you looked at this thread? http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=143367
Might give you a bit of an idea what else needs an wack to get it all working.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

kenkeniff

563 posts

Ultimate Geek
+1 received by user: 89

Reply # 1111425 19-Aug-2014 17:06

hio77: What are you trying to use the HG659 for? it seems your overcomplicating your setup by throwing it into the mix.

It was never confirmed that these settings are 100%, but have you looked at this thread? http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=143367
Might give you a bit of an idea what else needs an wack to get it all working.

The HG659 is being used in bridge mode as a simple switch / wireless AP, it works fine with the other devices connected so don't think its causing any issues.

Yes had a look at that page, it seems on the AC66U it's just a matter of enabling IGMP Proxy / Snooping and it takes care of the rest however on pfSense the actual Upstream/Downstream ranges and Firewall rules need to specified individually.

Coil

6166 posts

Uber Geek
+1 received by user: 1892

Trusted

Reply # 1111431 19-Aug-2014 17:14

Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.

chrispchikin

121 posts

Master Geek
+1 received by user: 30

Reply # 1111432 19-Aug-2014 17:15

You're right the HG659 running in bridge mode would effectively stop any sort of IGMP proxy role it would be performing (its WAN interface would be down).

Yes it is definitely a supported configuration to have the STB on the same LAN as your clients, basically pfsense (or the HG659 for other VF users) is acting as a multicast client to Vodafone, sending 'join requests' in order to request the TV stream (on the WAN side).

On the LAN side it should be receiving multicast join requests from the STB and registering the client as a multicast group member.

Your logs are showing that pfsense is actually sending an IGMP join out the em0 interface (I'm assuming that's your WAN), so it is half working.

If you can't get the DHCP reservation working, I'd statically the the IP address on the STB for now and make sure you know what its address is, restart the STB and post the logs that follow :)

chrispchikin

121 posts

Master Geek
+1 received by user: 30

Reply # 1111446 19-Aug-2014 17:18

One person supports this post

TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.

What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.

Coil

6166 posts

Uber Geek
+1 received by user: 1892

Trusted

Reply # 1111448 19-Aug-2014 17:21

chrispchikin:
TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.

What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.

I cant comment too far on how the service is delivered. I have seen firewalls stand in its way. Zollymonsta is in more of a position to speak than i am if he is able to..

chrispchikin

121 posts

Master Geek
+1 received by user: 30

Reply # 1111457 19-Aug-2014 17:31

TimA:
chrispchikin:
TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.

What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.

I cant comment too far on how the service is delivered. I have seen firewalls stand in its way. Zollymonsta is in more of a position to speak than i am if he is able to..

Having 'a firewall' sitting as a proxy in front of a multicast client generally speaking shouldn't cause any more issues that using the stock HG659.

In fact, pfsense would do a far better job.

Kenkeniff - can you try changing your multicast config from the US ISP network to the below?

118.92.0.0/15

(AS7657 VODAFONE-NZ-NGN-AS Vodafone NZ Ltd.,NZ (registered Nov 11, 1997))

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 13